public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName)
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName);
Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value);
Assert.Equal(1, attribute.Values.Count);
var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);
Assert.Equal(1, signingCertificateV2.Certificates.Count);
var essCertIdV2 = signingCertificateV2.Certificates[0];
var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName);
SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash);
Assert.Equal(
hashAlgorithmName,
CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value));
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
var serialNumber = certificate.GetSerialNumber();
// Convert from little endian to big endian.
Array.Reverse(serialNumber);
SignTestUtility.VerifyByteArrays(
serialNumber,
essCertIdV2.IssuerSerial.SerialNumber);
}
}
public void Read_WithMultipleEssCertIds_ReturnsSigningCertificate()
{
var bcEssCertId1 = CreateBcEssCertId("1");
var bcEssCertId2 = CreateBcEssCertId("2");
var bcEssCertId3 = CreateBcEssCertId("3");
var bcSigningCertificate = new BcSigningCertificate(
new DerSequence(new DerSequence(bcEssCertId1, bcEssCertId2, bcEssCertId3)));
var bytes = bcSigningCertificate.GetDerEncoded();
var signingCertificate = SigningCertificate.Read(bytes);
Assert.Equal(3, signingCertificate.Certificates.Count);
Assert.Null(signingCertificate.Policies);
SignTestUtility.VerifyByteArrays(
bcEssCertId1.GetCertHash(),
signingCertificate.Certificates[0].CertificateHash);
Assert.Null(signingCertificate.Certificates[0].IssuerSerial);
SignTestUtility.VerifyByteArrays(
bcEssCertId2.GetCertHash(),
signingCertificate.Certificates[1].CertificateHash);
Assert.Null(signingCertificate.Certificates[1].IssuerSerial);
SignTestUtility.VerifyByteArrays(
bcEssCertId3.GetCertHash(),
signingCertificate.Certificates[2].CertificateHash);
Assert.Null(signingCertificate.Certificates[2].IssuerSerial);
}
public void Read_WithValidInput_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName)
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var expectedSigningCertificateV2 = SigningCertificateV2.Create(certificate, hashAlgorithmName);
var bytes = expectedSigningCertificateV2.Encode();
var actualSigningCertificateV2 = SigningCertificateV2.Read(bytes);
Assert.Equal(
expectedSigningCertificateV2.Certificates.Count,
actualSigningCertificateV2.Certificates.Count);
for (var i = 0; i < expectedSigningCertificateV2.Certificates.Count; ++i)
{
var expectedEssCertIdV2 = expectedSigningCertificateV2.Certificates[i];
var actualEssCertIdV2 = actualSigningCertificateV2.Certificates[i];
Assert.Equal(
expectedEssCertIdV2.HashAlgorithm.Algorithm.Value,
actualEssCertIdV2.HashAlgorithm.Algorithm.Value);
SignTestUtility.VerifyByteArrays(
expectedEssCertIdV2.CertificateHash,
actualEssCertIdV2.CertificateHash);
Assert.Equal(
expectedEssCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name,
actualEssCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SignTestUtility.VerifyByteArrays(expectedEssCertIdV2.IssuerSerial.SerialNumber,
actualEssCertIdV2.IssuerSerial.SerialNumber);
}
}
}
public void Read_WithMultipleEssCertIds_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName)
{
var bcEssCertIdV2_1 = CreateBcEssCertIdV2(hashAlgorithmName, "1");
var bcEssCertIdV2_2 = CreateBcEssCertIdV2(hashAlgorithmName, "2");
var bcEssCertIdV2_3 = CreateBcEssCertIdV2(hashAlgorithmName, "3");
var bcSigningCertificateV2 = new BcSigningCertificateV2(
new[] { bcEssCertIdV2_1, bcEssCertIdV2_2, bcEssCertIdV2_3 });
var bytes = bcSigningCertificateV2.GetDerEncoded();
var signingCertificate = SigningCertificateV2.Read(bytes);
Assert.Equal(3, signingCertificate.Certificates.Count);
Assert.Null(signingCertificate.Policies);
SignTestUtility.VerifyByteArrays(
bcEssCertIdV2_1.GetCertHash(),
signingCertificate.Certificates[0].CertificateHash);
Assert.Null(signingCertificate.Certificates[0].IssuerSerial);
SignTestUtility.VerifyByteArrays(
bcEssCertIdV2_2.GetCertHash(),
signingCertificate.Certificates[1].CertificateHash);
Assert.Null(signingCertificate.Certificates[1].IssuerSerial);
SignTestUtility.VerifyByteArrays(
bcEssCertIdV2_3.GetCertHash(),
signingCertificate.Certificates[2].CertificateHash);
Assert.Null(signingCertificate.Certificates[2].IssuerSerial);
}
public void Read_WithOnlyCertificateHash_ReturnsEssCertIdV2()
{
var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach"));
var bcEssCertId = new BcEssCertIdV2(hash);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value);
SignTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
Assert.Null(essCertIdV2.IssuerSerial);
}
public void Read_WithDefaultAlgorithmIdentifier_ReturnsEssCertIdV2()
{
var directoryName = new X509Name("CN=test");
var generalNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, directoryName));
var bcIssuerSerial = new BcIssuerSerial(generalNames, new DerInteger(BigInteger.One));
var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach"));
var bcEssCertId = new BcEssCertIdV2(hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(directoryName.ToString(), essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SignTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
SignTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber);
}
public void Read_WithValidInput_ReturnsEssCertId()
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var bcCertificate = DotNetUtilities.FromX509Certificate(certificate);
var bcGeneralNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN));
var bcIssuerSerial = new BcIssuerSerial(bcGeneralNames, new DerInteger(bcCertificate.SerialNumber));
var hash = SignTestUtility.GetHash(certificate, Common.HashAlgorithmName.SHA256);
var bcEssCertId = new BcEssCertId(hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertId = EssCertId.Read(bytes);
Assert.Equal(1, essCertId.IssuerSerial.GeneralNames.Count);
Assert.Equal(certificate.IssuerName.Name, essCertId.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SignTestUtility.VerifyByteArrays(hash, essCertId.CertificateHash);
SignTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertId.IssuerSerial.SerialNumber);
}
}
